LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 12-28-2012, 12:17 AM   #1
bala.linuxtech
Member
 
Registered: Nov 2012
Location: Bangalore
Distribution: RHEL and Centos
Posts: 80

Rep: Reputation: Disabled
How to find out who is pinging me?


Hi Geeks

I would like to know how to find out who is pinging/pinged my Linux system. Please guide me to an answer for this question.

Thanks in advance

Regards
Bala.Linuxtech
 
Old 12-28-2012, 01:07 AM   #2
azenenc
LQ Newbie
 
Registered: Jul 2012
Location: Mexico
Distribution: Slackware 12.2
Posts: 4

Rep: Reputation: Disabled
I used to use Netstat to find out (the command is "netstat --inet6 -c -e -p -a").
Today all I do is check my router's log. And OF COURSE I have a homemade Linux router.

Last edited by azenenc; 12-28-2012 at 02:31 AM. Reason: Missing number 6 at --inet
 
Old 12-28-2012, 01:11 AM   #3
tshikose
Member
 
Registered: Apr 2010
Location: Kinshasa, Democratic Republic of Congo
Distribution: RHEL, Fedora, CentOS
Posts: 134

Rep: Reputation: 30
Hi,

Put a line like the one below in /etc/sysconfig/iptables.

Code:
-A INPUT -p icmp --icmp-type echo-request -j LOG --log-prefix "LOG_IPTABLES_PING_REQUEST: "
You need to insert that line at the right place.
If you cannot identify where, post back your /etc/sysconfig/iptables.


Then later
Code:
grep 'LOG_IPTABLES_PING_REQUEST: ' /var/log/messages
 
1 members found this post helpful.
Old 12-28-2012, 01:35 AM   #4
bala.linuxtech
Member
 
Registered: Nov 2012
Location: Bangalore
Distribution: RHEL and Centos
Posts: 80

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by tshikose
Hi,

Put a line like the one below in /etc/sysconfig/iptables.

Code:
-A INPUT -p icmp --icmp-type echo-request -j LOG --log-prefix "LOG_IPTABLES_PING_REQUEST: "
You need to insert that line at the right place.
If you cannot identify where, post back your /etc/sysconfig/iptables.


Then later
Code:
grep 'LOG_IPTABLES_PING_REQUEST: ' /var/log/messages
Hi tshikose

Thanks, it's interesting, but I don't know where I should insert this line. This is my iptables file; please guide me to resolve this. Thanks


Code:
# Generated by iptables-save v1.3.5 on Thu Dec 27 23:24:41 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15137:3829777]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p icmp --icmp-type echo-request -j LOG --log-prefix "LOG_IPTABLES_PING_REQUEST: "
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Dec 27 23:24:41 2012
 
Old 12-28-2012, 02:37 AM   #5
tshikose
Member
 
Registered: Apr 2010
Location: Kinshasa, Democratic Republic of Congo
Distribution: RHEL, Fedora, CentOS
Posts: 134

Rep: Reputation: 30
Hi,

No problem, here we go.

Code:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15137:3829777]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
# I have removed the line here, that I had suggested and that you had inserted here. I have inserted it just before the ICMP rule below in RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type echo-request -j LOG --log-prefix "LOG_IPTABLES_PING_REQUEST: "
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Of course, you will also need to restart the iptables service with
Code:
service iptables restart
Note that your system will still reply to ping requests; what is added is just a logging capability.
To log and then to block (without any information sent back to the requester), you can add a line like the one below after the logging line.

Code:
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type echo-request -j LOG --log-prefix "LOG_IPTABLES_PING_REQUEST: "
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type echo-request -j DROP
 
1 members found this post helpful.
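
Summarising the lines that the LOG rule in this thread writes, as an added example that is not part of any poster's reply: it counts echo requests per source address with first and last timestamps. It assumes the usual kernel netfilter LOG layout (a `SRC=` field, syslog timestamp in the first three fields); the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: list who sent echo requests, using lines written by the
# thread's LOG rule. Assumes the usual kernel netfilter LOG line layout.
PREFIX='LOG_IPTABLES_PING_REQUEST: '

# Constructed sample lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Dec 28 03:01:12 host1 kernel: LOG_IPTABLES_PING_REQUEST: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4411 SEQ=1
Dec 28 03:01:13 host1 kernel: LOG_IPTABLES_PING_REQUEST: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4411 SEQ=2
Dec 28 03:01:14 host1 kernel: LOG_IPTABLES_PING_REQUEST: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4411 SEQ=3
Dec 28 03:02:00 host1 sshd[2211]: Accepted publickey for admin from 192.0.2.50 port 50022 ssh2
Dec 28 03:03:30 host1 kernel: SOME_OTHER_RULE: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40000 DPT=22
Dec 28 03:05:40 host1 kernel: LOG_IPTABLES_PING_REQUEST: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:03:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=907 SEQ=1
EOF
}

# ping_sources [FILE...]: reads the named log files (or stdin) and prints
# "count<TAB>source<TAB>first seen<TAB>last seen", busiest source first.
ping_sources() {
    awk -v prefix="$PREFIX" '
        index($0, prefix) == 0 { next }       # not written by our LOG rule
        {
            src = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { src = substr($i, 5); break }
            if (src == "") next               # truncated line without SRC=
            stamp = $1 " " $2 " " $3          # syslog month, day, time
            if (!(src in count)) first[src] = stamp
            count[src]++
            last[src] = stamp
        }
        END {
            for (s in count)
                printf "%d\t%s\t%s\t%s\n", count[s], s, first[s], last[s]
        }' "$@" | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# With file arguments, summarise those logs; otherwise run on the sample.
if [ "$#" -gt 0 ]; then
    ping_sources "$@"
else
    sample_log | ping_sources
fi
```

The `SRC=` value is whatever address the packet carried, so treat it as the claimed sender rather than proof of origin.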
  

